Kavo.exe related problem. [with Hijackthis & Deckard's System Scanner Log]

Discussion in 'Windows - Virus and spyware problems' started by lackadaiz, Jan 15, 2008.

  1. lackadaiz

    Thanks in advance....

    HIJACKTHIS LOG

    Logfile of HijackThis v1.99.1
    Scan saved at 3:36:31 PM, on 1/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    E:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    E:\PROGRAMS\BitComet\BitComet.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1stopstation.blogspot.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\PROGRAMS\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "E:\PROGRAMS\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
    O4 - HKLM\..\Run: [@RegRunOnSecure] e:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
    O4 - HKLM\..\RunOnce: [hh7cx] %systemroot%\system32\Rundll32.exe %systemroot%\system32\hh7cx.dll,DllUnregisterServer
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Regrun2] e:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
    O4 - HKCU\..\Run: [Registry] "e:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "e:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\PROGRAMS\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WB - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2. lackadaiz

    Deckard's System Scanner v20071014.68
    Run by Syl & Huiling on 2008-01-15 13:24:59
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    6: 2008-01-15 05:25:09 UTC - RP6 - Deckard's System Scanner Restore Point
    5: 2008-01-14 16:02:54 UTC - RP5 - System Checkpoint
    4: 2008-01-12 17:53:51 UTC - RP4 - System Checkpoint
    3: 2008-01-11 16:41:51 UTC - RP3 - System Checkpoint
    2: 2008-01-10 16:14:58 UTC - RP2 - System Checkpoint


    -- First Restore Point --
    1: 2008-01-09 15:44:53 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-01-15 13:26:57
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    E:\Program Files\Greatis\RegRunSuite\WatchDog.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    E:\PROGRAMS\BitComet\BitComet.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Documents and Settings\Syl & Huiling\Desktop\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1stopstation.blogspot.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\PROGRAMS\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "E:\PROGRAMS\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
    O4 - HKLM\..\Run: [@RegRunOnSecure] e:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
    O4 - HKLM\..\RunOnce: [hh7cx] %systemroot%\system32\Rundll32.exe %systemroot%\system32\hh7cx.dll,DllUnregisterServer
    O4 - HKLM\..\RunOnceEx: [Flags] 128
    O4 - HKLM\..\RunOnceEx: [Title] RegRun II Secure Start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Regrun2] e:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
    O4 - HKCU\..\Run: [Registry] "e:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "e:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: wbsys.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    --
    End of file - 9020 bytes

    -- File Associations -----------------------------------------------------------

    .bat - batfile - DefaultIcon - E:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ROUNDer\ROUNDer.icl,51
    .chm - chm.file - DefaultIcon - E:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ROUNDer\ROUNDer.icl,15
    .hlp - hlpfile - DefaultIcon - E:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ROUNDer\ROUNDer.icl,15
    .inf - inffile - DefaultIcon - E:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ROUNDer\ROUNDer.icl,47
    .ini - inifile - DefaultIcon - E:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ROUNDer\ROUNDer.icl,47
    .js - JSFile - DefaultIcon - C:\WINDOWS\System32\WScript.exe,3
    .txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
    .vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 a2cf40z (a2cf40) - c:\windows\system32\drivers\a2cf40z.sys
    R3 RegGuard - c:\windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>

    S0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
    S0 Partizan - c:\windows\system32\drivers\partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Multimedia Audio Controller
    Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_100A147B&REV_02\3&13C0B0C5&0&FD
    Manufacturer:
    Name: Multimedia Audio Controller
    PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_100A147B&REV_02\3&13C0B0C5&0&FD
    Service:


    -- Files created between 2007-12-15 and 2008-01-15 -----------------------------

    2008-01-09 19:04:50 8944 --a------ C:\WINDOWS\system32\drivers\UnHackMeDrv.sys <Not Verified; Greatis Software, LLC.; UnHackme>
    2008-01-09 19:03:29 25600 --a------ C:\WINDOWS\system32\Partizan.exe <Not Verified; Greatis Software; RegRun Security Suite>
    2008-01-09 19:03:29 31138 --a------ C:\WINDOWS\system32\drivers\Partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
    2008-01-09 19:03:29 0 d-------- C:\backreg
    2008-01-09 19:03:28 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Regrun
    2008-01-09 19:01:52 16384 --a------ C:\WINDOWS\WinBait.exe
    2008-01-09 19:01:52 441856 --a------ C:\WINDOWS\RunGuard.exe <Not Verified; Greatis Software; RegRun Security Suite>
    2008-01-08 23:56:02 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
    2008-01-07 19:16:10 194560 --a------ C:\WINDOWS\jan-screensaver.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
    2008-01-07 19:16:03 0 d-------- C:\WINDOWS\jan-screensaver dir
    2008-01-07 19:16:03 12288 --a------ C:\WINDOWS\impborl.dll
    2008-01-07 19:16:03 606848 --a------ C:\WINDOWS\flashax.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
    2008-01-07 19:12:40 102912 --a------ C:\WINDOWS\system32\Vb6stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2008-01-07 19:12:40 232 --a------ C:\Documents and Settings\Syl & Huiling\MySony.dll
    2008-01-05 00:27:00 0 d--h----- C:\WINDOWS\PIF
    2008-01-03 15:56:41 0 d-------- C:\Program Files\MegauploadToolbar
    2008-01-03 15:56:40 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\MegauploadToolbar
    2008-01-02 17:09:04 0 d-------- C:\WINDOWS\system32\windows media
    2008-01-02 17:08:24 0 d--h----- C:\WINDOWS\msdownld.tmp
    2008-01-02 17:08:18 0 d-------- C:\Program Files\Windows Media Components
    2008-01-02 12:55:21 114222 -r-hs---- C:\copetttt.com
    2007-12-29 01:13:56 0 d-------- C:\Program Files\Real Alternative
    2007-12-29 00:58:16 164352 --a------ C:\WINDOWS\system32\unrar.dll
    2007-12-29 00:58:13 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2007-12-29 00:58:12 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-12-29 00:58:12 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-12-29 00:58:11 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-12-29 00:58:11 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-12-29 00:58:11 739840 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-29 00:58:10 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-12-27 09:00:36 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Sony Corporation
    2007-12-26 23:55:52 0 d-------- C:\WINDOWS\system32\DLA
    2007-12-26 23:55:50 0 d-------- C:\Program Files\Sonic
    2007-12-26 23:46:40 0 d-------- C:\Program Files\Sony
    2007-12-26 23:45:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
    2007-12-26 23:45:15 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\InstallShield
    2007-12-26 23:28:52 3654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
    2007-12-26 23:28:52 0 d-------- C:\Drivers
    2007-12-26 19:37:01 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Real
    2007-12-26 17:39:01 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\DivX
    2007-12-26 14:41:36 0 d-------- C:\Program Files\Common Files\xing shared
    2007-12-26 14:41:17 0 d-------- C:\Program Files\Common Files\Real
    2007-12-26 14:41:16 0 d-------- C:\Program Files\Real
    2007-12-23 09:25:42 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Publish Providers
    2007-12-23 09:24:59 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-23 09:24:37 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Sony
    2007-12-23 09:19:49 0 d-------- C:\Program Files\Vstplugins
    2007-12-23 09:19:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony


    -- Find3M Report ---------------------------------------------------------------

    2008-01-14 18:54:27 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
    2008-01-14 18:54:27 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
    2008-01-04 13:05:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-12-26 23:56:40 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-26 23:28:20 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-12-26 14:41:36 0 d-------- C:\Program Files\Common Files
    2007-12-23 09:05:26 0 d-------- C:\Program Files\Common Files\Adobe
    2007-12-13 10:31:11 0 d-------- C:\Program Files\MSN Messenger
    2007-12-12 06:33:14 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-12-11 22:03:29 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Sun
    2007-12-11 08:25:05 0 d-------- C:\Program Files\MSXML 4.0
    2007-12-11 08:05:07 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\vlc
    2007-12-10 23:10:47 20541 --a------ C:\WINDOWS\system32\detoured.dll <Not Verified; Microsoft Corporation; Microsoft Research Detours Package>
    2007-12-10 23:10:47 515584 --a------ C:\WINDOWS\Install2154.exe
    2007-12-10 19:42:05 1279 --a------ C:\WINDOWS\mozver.dat
    2007-12-10 19:41:50 0 d-------- C:\Program Files\Java
    2007-12-10 19:39:51 0 d-------- C:\Program Files\Common Files\Java
    2007-12-10 19:26:01 0 d-------- C:\Program Files\eREAD6.0
    2007-12-10 19:16:34 0 d-------- C:\Program Files\Windows Live Safety Center
    2007-12-10 19:01:51 0 --a------ C:\WINDOWS\acdsee321.dll
    2007-12-10 18:58:14 58368 --a------ C:\WINDOWS\system32\SkypeClient.exe <Not Verified; ; SkypeClient ????>
    2007-12-10 18:03:24 0 d-------- C:\Program Files\Common Files\Stardock
    2007-12-10 17:35:59 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\WinRAR
    2007-12-09 22:52:30 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Media Player Classic
    2007-12-08 09:52:02 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll <Not Verified; BitComet; BitComet BCTP Helper>
    2007-12-08 01:49:56 0 d-------- C:\Program Files\Common Files\ODBC
    2007-12-08 01:49:53 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2007-12-08 01:49:30 62 --ahs---- C:\Documents and Settings\Syl & Huiling\Application Data\desktop.ini
    2007-12-08 01:16:01 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Symantec
    2007-12-08 00:16:04 0 d-------- C:\Program Files\Symantec
    2007-12-07 23:48:36 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Macromedia
    2007-12-07 23:48:34 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Adobe
    2007-12-07 23:42:19 0 d-------- C:\Program Files\Stardock
    2007-12-07 23:41:38 0 d-------- C:\Program Files\Windows Live
    2007-12-07 23:41:12 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-07 23:16:50 0 d-------- C:\Program Files\New Folder
    2007-12-07 23:15:34 0 --a------ C:\WINDOWS\nsreg.dat
    2007-12-07 23:15:32 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Mozilla
    2007-12-07 23:12:37 0 d-------- C:\Program Files\Microsoft Works
    2007-12-07 23:12:21 0 d-------- C:\Program Files\MSBuild
    2007-12-07 23:11:12 0 d-------- C:\Program Files\Microsoft.NET
    2007-12-07 23:09:34 0 d-------- C:\Program Files\Microsoft Visual Studio 8
    2007-12-07 22:52:27 0 d-------- C:\Program Files\MSXML 6.0
    2007-12-07 19:37:43 0 d-------- C:\Program Files\Reference Assemblies
    2007-12-07 19:34:20 0 d-------- C:\Program Files\Windows Media Connect 2
    2007-12-07 19:24:17 0 d-------- C:\Program Files\Messenger
    2007-12-07 19:07:01 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\InterTrust
    2007-12-07 19:00:17 0 d-------- C:\Program Files\Creative
    2007-12-07 18:26:33 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Identities
    2007-12-07 18:13:38 0 d-------- C:\Program Files\microsoft frontpage
    2007-12-07 18:13:18 0 -rahs---- C:\MSDOS.SYS
    2007-12-07 18:13:18 0 -rahs---- C:\IO.SYS
    2007-12-07 18:13:18 0 --a------ C:\CONFIG.SYS
    2007-12-07 18:13:18 0 --a------ C:\AUTOEXEC.BAT
    2007-12-07 18:11:44 0 d--h----- C:\Program Files\WindowsUpdate
    2007-12-07 18:11:03 0 d-------- C:\Program Files\Common Files\MSSoap
    2007-12-07 18:10:56 0 d-------- C:\Program Files\Movie Maker
    2007-12-07 18:10:13 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-12-07 18:09:50 0 d-------- C:\Program Files\Online Services
    2007-12-07 18:09:41 0 d-------- C:\Program Files\MSN Gaming Zone
    2007-12-07 18:09:34 0 d-------- C:\Program Files\Windows NT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WINDVDPatch"="CTHELPER.EXE" [07/02/2002 05:56 PM C:\WINDOWS\system32\CTHELPER.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [11/29/2001 01:00 AM]
    "CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [12/20/2001 01:00 AM]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 10:32 PM]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/03/2004 10:31 PM]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 09:59 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
    "BootSkin Startup Jobs"="E:\PROGRAMS\BootSkin\BootSkin.exe" [04/26/2004 04:21 PM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/30/2007 12:49 AM]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [06/13/2006 05:20 AM]
    "RegRun WinBait"="C:\WINDOWS\winbait.exe" [12/12/2000 07:56 PM]
    "@RegRunOnSecure"="e:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe" [01/22/2003 11:03 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
    "Regrun2"="e:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" [12/17/2007 12:30 PM]
    "Registry"="e:\Program Files\Greatis\RegRunSuite\lsoon.exe" [12/17/2007 12:28 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "hh7cx"=%systemroot%\system32\Rundll32.exe %systemroot%\system32\hh7cx.dll,DllUnregisterServer

    C:\Documents and Settings\Syl & Huiling\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [12/26/2007 11:47:00 PM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{F552DDE6-2090-4bf4-B924-6141E87789A5}"= e:\Program Files\Greatis\RegRunSuite\RRShell.dll [11/02/2004 09:15 AM 368711]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 12/20/2001 11:34 PM 24576 E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dac2540-a4b5-11dc-a604-00508d4e20d5}]
    AutoRun\command- H:\f.cmd
    explore\Command- H:\f.cmd
    open\Command- H:\f.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abdfb87f-a662-11dc-a60d-00508d4e20d5}]
    AutoRun\command- L:\copetttt.com
    explore\Command- L:\copetttt.com
    open\Command- L:\copetttt.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3118f54-a4eb-11dc-b2cb-806d6172696f}]
    AutoRun\command- f.cmd
    explore\Command- f.cmd
    open\Command- f.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3118f55-a4eb-11dc-b2cb-806d6172696f}]
    AutoRun\command- f.cmd
    explore\Command- f.cmd
    open\Command- f.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3118f57-a4eb-11dc-b2cb-806d6172696f}]
    AutoRun\command- f.cmd
    explore\Command- f.cmd
    open\Command- f.cmd

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2008-01-15 13:29:28 ------------

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
    CPU 1: Intel(R) Pentium(R) 4 CPU 2.40GHz
    Percentage of Memory in Use: 65%
    Physical Memory (total/avail): 1023.48 MiB / 355.09 MiB
    Pagefile Memory (total/avail): 2462 MiB / 1811.21 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1918.11 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 24.41 GiB total, 6.69 GiB free.
    D: is Fixed (NTFS) - 372.61 GiB total, 215.85 GiB free.
    E: is Fixed (NTFS) - 87.37 GiB total, 85.87 GiB free.
    F: is CDROM (CDFS)
    G: is CDROM (Unformatted)

    \\.\PHYSICALDRIVE0 - ST3120026A - 111.79 GiB - 2 partitions
    \PARTITION0 - Extended w/Extended Int 13 - 24.41 GiB - C:
    \PARTITION1 (bootable) - Installable File System - 87.37 GiB - E:

    \\.\PHYSICALDRIVE1 - ST3400620A - 372.61 GiB - 1 partition
    \PARTITION0 - Installable File System - 372.61 GiB - D:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.

    FW: Norton 360 v2007 (SYMANTEC Corporation)
    AV: Norton 360 v2007 (SYMANTEC Corperation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Syl & Huiling\Application Data
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=MOJO
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Syl & Huiling
    LOGONSERVER=\\MOJO
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0209
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\SYL&HU~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\SYL&HU~1\LOCALS~1\Temp
    USERDOMAIN=MOJO
    USERNAME=Syl & Huiling
    USERPROFILE=C:\Documents and Settings\Syl & Huiling
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Syl & Huiling (admin)


    -- Add/Remove Programs ---------------------------------------------------------



    -- Application Event Log -------------------------------------------------------

    Event Record #/Type1849 / Success
    Event Submitted/Written: 01/14/2008 10:43:05 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type1800 / Success
    Event Submitted/Written: 01/13/2008 05:27:19 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type1700 / Success
    Event Submitted/Written: 01/11/2008 00:30:42 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type1685 / Success
    Event Submitted/Written: 01/10/2008 03:11:37 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type1656 / Success
    Event Submitted/Written: 01/09/2008 07:35:17 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type2929 / Error
    Event Submitted/Written: 01/15/2008 01:18:40 PM
    Event ID/Source: 8003 / MRxSmb
    Event Description:
    The master browser has received a server announcement from the computer USER-2FB3F736A7
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8F4CE6F5-1E7.
    The master browser is stopping or an election is being forced.

    Event Record #/Type2928 / Warning
    Event Submitted/Written: 01/15/2008 00:11:01 PM
    Event ID/Source: 36 / W32Time
    Event Description:
    The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Event Record #/Type2927 / Error
    Event Submitted/Written: 01/15/2008 00:06:35 PM
    Event ID/Source: 8003 / MRxSmb
    Event Description:
    The master browser has received a server announcement from the computer USER-2FB3F736A7
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8F4CE6F5-1E7.
    The master browser is stopping or an election is being forced.

    Event Record #/Type2926 / Error
    Event Submitted/Written: 01/15/2008 11:06:30 AM
    Event ID/Source: 8003 / MRxSmb
    Event Description:
    The master browser has received a server announcement from the computer USER-2FB3F736A7
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8F4CE6F5-1E7.
    The master browser is stopping or an election is being forced.

    Event Record #/Type2922 / Error
    Event Submitted/Written: 01/15/2008 10:06:28 AM
    Event ID/Source: 8003 / MRxSmb
    Event Description:
    The master browser has received a server announcement from the computer USER-2FB3F736A7
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8F4CE6F5-1E7.
    The master browser is stopping or an election is being forced.



    -- End of Deckard's System Scanner: finished at 2008-01-15 13:29:28 ------------
     
  3. Nephilim

    Nephilim Moderator Staff Member

    One thread per topic please.
     